I’ve been going through my Mikrotik router logs to review all logged traffic and found the following traffic, which is not documented anywhere for Fire TV devices.
10:34:31 firewall,info DROP_INPUT_NOTLAN input: in:vlan3-red out:(unknown 0), connection-state:new src-mac fc:a1:83:88:3b:30, proto TCP (SYN), 192.168.83.237:55601->192.168.83.2:7, len 60
Here, the subnet 192.168.83.x does not have access to INPUT (accessing the router), only forwarding traffic, as it belongs to a VLAN subnet dedicated to IoT devices. I allow ICMP from any LAN device though.
My questions are:
Have you also seen this tcp-echo traffic from any other devices? I’ve read that it’s sometimes used to WoL other devices, but here the originator is the Fire TV device.
What would you say is the best action: to REJECT instead of DROP the traffic so that the device is aware it’s not allowed to, or even to ACCEPT the traffic and allow it to get the response?
It could be related to the Android API isReachable, which tries to use the echo service to detect whether the host (the gw in your case) is reachable if ICMP fails; it could be some Android system service or app. If you don’t have system/app issues on the Fire TV there is no reason to allow this connection. You can also examine the Android logs over ADB (adb logcat | less) and maybe find some useful info regarding this.
That should be it; I’ve just discovered that ICMP packets can only be sent from an app with root privileges, so non-root processes use TCP ECHO in order to check host availability.
Sorry, but in this case the Fire TV is the client originating the TCP packet to my router; it’s not a service that the Fire TV should provide but a service the Fire TV uses. This question has already been solved.
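Added example, not written by anyone in this thread: a small parser for the MikroTik firewall log format quoted in the first post that tags IoT-VLAN connections to the gateway on TCP port 7 as the reachability probe discussed in the replies, so such lines can be triaged apart from other dropped traffic. The gateway address, interface name and the two extra sample lines (UDP and ICMP) are constructed for contrast.

```python
import re
from typing import Optional

# Constructed sample in the MikroTik firewall log format quoted in the thread: the first
# line is the thread's own, the other two are made up for contrast (UDP and ICMP).
SAMPLE_LOG = """\
10:34:31 firewall,info DROP_INPUT_NOTLAN input: in:vlan3-red out:(unknown 0), connection-state:new src-mac fc:a1:83:88:3b:30, proto TCP (SYN), 192.168.83.237:55601->192.168.83.2:7, len 60
10:34:32 firewall,info DROP_INPUT_NOTLAN input: in:vlan3-red out:(unknown 0), connection-state:new src-mac fc:a1:83:88:3b:30, proto UDP, 192.168.83.237:5353->192.168.83.2:53, len 70
10:34:33 firewall,info ACCEPT_ICMP input: in:vlan3-red out:(unknown 0), connection-state:new src-mac fc:a1:83:88:3b:30, proto ICMP (type 8, code 0), 192.168.83.237->192.168.83.2, len 84
"""

# Fields: time, rule (log prefix), chain, input interface, protocol with optional
# flag/type detail in parentheses, src[:port]->dst[:port], length.
LOG_RE = re.compile(
    r"^(?P<time>\S+) firewall,\w+ (?P<rule>\S+) \w+: in:(?P<in_if>\S+) out:.*?"
    r"proto (?P<proto>\w+)(?: \((?P<detail>[^)]*)\))?, "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?->(?P<dst>[\d.]+)(?::(?P<dport>\d+))?, len \d+$"
)

def parse_line(line: str) -> Optional[dict]:
    """Parse one firewall log line into a dict; ports become ints, None when absent."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    for key in ("sport", "dport"):
        ev[key] = int(ev[key]) if ev[key] else None
    return ev

def is_tcp_echo_probe(ev: dict, gateway: str) -> bool:
    """TCP SYN to port 7 (echo) on the gateway: the reachability probe discussed above."""
    return ev["proto"] == "TCP" and ev["dport"] == 7 and ev["dst"] == gateway and ev["detail"] == "SYN"

def triage(log_text: str, gateway: str, iot_if: str) -> list:
    """Summarise IoT-VLAN events as (time, src, rule, verdict); echo probes get their own tag."""
    rows = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None or ev["in_if"] != iot_if:
            continue
        if is_tcp_echo_probe(ev, gateway):
            verdict = "tcp-echo-probe"
        else:
            verdict = f"{ev['proto'].lower()}/{ev['dport'] if ev['dport'] is not None else '-'}"
        rows.append((ev["time"], ev["src"], ev["rule"], verdict))
    return rows
```

Feeding the router's exported log to triage() with the real gateway address and IoT interface name separates the port-7 probes from the rest of the dropped traffic, which makes it easy to see whether they stop once the device has an ICMP path (or whatever you decide to allow).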
Hi, I think I managed to identify this problem with a bit of tinkering and a lot of googling…
Amazon devices sync with each other with ESP (Echo Spatial Perception), and they need to contact each other and Amazon servers.
They use the following ports:
UDP: 123,443,4070,5353,40317,49317,33434,2306,55444
TCP: 55442,55443
My IoT devices are in an IoT 2.4GHz WLAN and VLAN. My streaming devices are in a different Streaming 5GHz WLAN and VLAN, with 802.1p QoS PCP value of 4 (for video priority applications).
What I didn’t understand at first is why most of the traffic was inter-VLAN, until I read about Alexa ESP. Digging further, I found out that all of it was communication between Echos and the Fire TV.